9 May 2025

Nasscom Advisory on the Current Situation

The last 24 hours has witnessed significant escalations by Pakistan on the border towns of India.
As per government sources, the attacks have all been neutralised with no impact on people and
infrastructure. The situation in the border areas remains tense and citizens have been advised to
follow official announcements and stay alert. India, maintains its position on its response being
focused, measured and non-escalatory in nature.

Nasscom is in continuous touch with the government and key stakeholders and have been
advised that there is no impact on business operations across cities (some border towns
witnessed blackouts last night). We have also reached out to a cross section of our members
across cities, and there is complete continuity of operations with no impact being witnessed.

Resilience has been a key pillar for India’s technology industry demonstrated through the years
and during the Covid crisis when companies ensured that global operations were enhanced with
enhanced employee productivity and outcomes.

Some key focus areas for the industry to prioritise are:

1. Enhance Business Continuity Preparedness
a. Identify roles where remote working can be operationalised and where critical
staff will need to work from office.
b. Enhance client confidence with access to clear updates and 24x7 war room (if
required for operations in impacted areas) monitoring the situation
c. Review and monitor the internet infrastructure – plan for network resilience and
uninterrupted access for key projects.

2. Employee Sensitisation
a. Avoid disinformation channels that create panic and spread falsehoods. Some
sources for reference are:
i. Press Information Bureau : www.pib.gov.in
ii. Fact checks on specific news / videos:
https://x.com/pibfactcheck?s=11&t=eaVJrhs1Tvmuz7YCcXDlkQ
iii. WhatsApp channel of Ministry of Defence:
https://www.whatsapp.com/channel/0029VaEHkn3JkK7BfWTsm23W
b. Travel guidelines – some companies are advising employees to focus on essential
travel only and avoid late evening travel.
c. Enable remote working in impacted areas
d. Leadership connects and periodic updates to employees

3. Enhance focus on cyber resilience and end point security

a. Security monitoring and threat hunting for critical operations
b. Strengthen identity protection and deploy MFAs
c. Beef up anti-phishing measures; track and act on every small incident
d. Watch for destructive malware and ransomware attacks

Detailed note on cyber safety measures is annexed to this.

This is an evolving situation and Nasscom will continue to update on this issue if there are
further developments.
Annexure: Cyber Safety Measures

On the backdrop of recent developments impacting national security, NASSCOM-DSCI

recommends its members to have sharp focus on cyber security, following the measures below
but not limited to
• Be alert and vigilant for possible threats; vigilance is the first line of defense.
• Harden systems configurations, minimize the attack surface and try not to leave any gaps
in configuration and installation.
• Take care of vulnerabilities and possible weaknesses: by patching systems promptly,
ensuring zero tolerance for exploitable weakness.
• Enhance security monitoring; active monitoring is critical and even threat hunting for
critical organization. Monitor the traffic diligently for possible anomalies.
• Strengthen identity protection and deploy MFAs wherever required, compromised
credentials are primary attack vectors.
• Beef up anti-phishing measures to counter sophisticated deception campaigns.
• Protection from web defacement and recovering from it. Ensure rapid detection and
restoration of public-facing assets.
• Watchful of malware and ransomware defense: brace for destructive malware and
ransomware attacks.
• Augment DDoS capabilities to counter high volume distributed denial attacks.
• Be watchful of third parties and supply chain components.
• Ensure competent resiliency through diligent backups and necessary arrangements for
business continuity.
• visit www.cert-in.org.in regularly for latest advisories, threat actor IPs/domains, and
port/protocol blocking guidance. Report cyber incident to CERT-In: incident@cert-
in.org.in

……………………………………………………………………………………………………….
Specific Security Action Points

Monitoring & Alerts

• Enable login attempt alerts on sensitive systems (e.g., VPN, admin panels).
• Monitor logs for failed login attempts, config changes, and new device connections.
• Block IPs showing brute-force activity using firewall or endpoint rules.
• Watch for abnormal traffic spikes from foreign or domestic IPs — investigate and
isolate if needed.

Web Server & Infrastructure Hardening

• Block all unused ports (e.g. 23, 445, 3389) on servers, firewalls, and cloud instances.
• Disable RDP/SSH from the internet — only allow access via VPN or internal IPs.
• Scan all web servers and infrastructure for open ports and known vulnerabilities
(use tools like Nmap, OpenVAS).
• If a patch is not possible, protect exposed systems using custom WAF or firewall
rules.
• Remove or isolate unmaintained, old, or unused web applications and systems.
• Apply the latest OS, software, and firmware updates across all systems.

Access Control, Network & System Protection

• Enforce strong passwords (minimum 12 characters; no reuse).
 • Enable Multi-Factor Authentication (MFA) on email, VPN, admin panels, and
cloud platforms.
• Remove ex-employee access and disable all unused accounts.
• Restrict admin privileges to essential personnel only.
• Use VPNs or any other secure access methods for all remote access.

Geo & Threat-Based IP Blocking

• If not critical to business, block incoming traffic from high-risk countries using
firewall or CDN geo-filters. Regularly block IPs and domains linked to threat actors as
shared by CERT-In.